[BUGFIX]false hit 0.0.0.0
114
src/maat_ip.c
114
src/maat_ip.c
@@ -681,7 +681,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
|
|||||||
return ip_rt->ipv6_rule_num;
|
return ip_rt->ipv6_rule_num;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int validate_port(struct ip_item *item, uint16_t port, int proto)
|
static int validate_port_proto(struct ip_item *item, uint16_t port, int proto)
|
||||||
{
|
{
|
||||||
uint16_t host_port = ntohs(port);
|
uint16_t host_port = ntohs(port);
|
||||||
|
|
||||||
@@ -696,15 +696,6 @@ static int validate_port(struct ip_item *item, uint16_t port, int proto)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int validate_proto(struct ip_item *item, int proto)
|
|
||||||
{
|
|
||||||
if (item->proto != -1 && item->proto != proto) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
|
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
|
||||||
uint8_t *ip_addr, uint16_t port, int proto, int vtable_id,
|
uint8_t *ip_addr, uint16_t port, int proto, int vtable_id,
|
||||||
struct maat_state *state)
|
struct maat_state *state)
|
||||||
@@ -714,105 +705,56 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if ip_addr = "0.0.0.0" means any ip */
|
|
||||||
int any_ip_flag = 0;
|
|
||||||
struct ip_data scan_data;
|
struct ip_data scan_data;
|
||||||
struct scan_result ip_results[MAX_SCANNER_HIT_ITEM_NUM];
|
struct scan_result ip_results[MAX_SCANNER_HIT_ITEM_NUM];
|
||||||
|
|
||||||
if (ip_type == IPv4) {
|
if (ip_type == IPv4) {
|
||||||
scan_data.type = IPv4;
|
scan_data.type = IPv4;
|
||||||
scan_data.ipv4 = ntohl(*(uint32_t *)ip_addr);
|
scan_data.ipv4 = ntohl(*(uint32_t *)ip_addr);
|
||||||
if (0 == scan_data.ipv4) {
|
|
||||||
any_ip_flag = 1;
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
scan_data.type = IPv6;
|
scan_data.type = IPv6;
|
||||||
for (int i = 0; i < 4; i++) {
|
for (int i = 0; i < 4; i++) {
|
||||||
scan_data.ipv6[i] = *((uint32_t *)ip_addr + i);
|
scan_data.ipv6[i] = *((uint32_t *)ip_addr + i);
|
||||||
}
|
}
|
||||||
ipv6_ntoh(scan_data.ipv6);
|
ipv6_ntoh(scan_data.ipv6);
|
||||||
if (0 == scan_data.ipv6[0] && 0 == scan_data.ipv6[1] &&
|
|
||||||
0 == scan_data.ipv6[2] && 0 == scan_data.ipv6[3]) {
|
|
||||||
any_ip_flag = 1;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
size_t real_hit_item_cnt = 0;
|
size_t real_hit_item_cnt = 0;
|
||||||
struct maat_item hit_maat_items[MAX_SCANNER_HIT_ITEM_NUM];
|
struct maat_item hit_maat_items[MAX_SCANNER_HIT_ITEM_NUM];
|
||||||
|
|
||||||
// any ip, so scan port+proto
|
if (NULL == ip_rt->ip_matcher) {
|
||||||
if (1 == any_ip_flag) {
|
return 0;
|
||||||
struct interval_result port_results[MAX_SCANNER_HIT_ITEM_NUM];
|
}
|
||||||
uint16_t host_port = ntohs(port);
|
|
||||||
|
|
||||||
if (NULL == ip_rt->intval_matcher) {
|
int n_hit_ip_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data,
|
||||||
return 0;
|
ip_results, MAX_SCANNER_HIT_ITEM_NUM);
|
||||||
|
if (n_hit_ip_item <= 0) {
|
||||||
|
return n_hit_ip_item;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (n_hit_ip_item > MAX_SCANNER_HIT_ITEM_NUM) {
|
||||||
|
n_hit_ip_item = MAX_SCANNER_HIT_ITEM_NUM;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (size_t i = 0; i < n_hit_ip_item; i++) {
|
||||||
|
long long item_id = ip_results[i].rule_id;
|
||||||
|
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(ip_rt->item_hash,
|
||||||
|
(char *)&item_id,
|
||||||
|
sizeof(long long));
|
||||||
|
if (!ip_item) {
|
||||||
|
// item config has been deleted
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
int n_hit_port_item = interval_matcher_match(ip_rt->intval_matcher, host_port,
|
ret = validate_port_proto(ip_item, port, proto);
|
||||||
port_results, MAX_SCANNER_HIT_ITEM_NUM);
|
if (ret < 0) {
|
||||||
if (n_hit_port_item <= 0) {
|
continue;
|
||||||
return n_hit_port_item;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (n_hit_port_item > MAX_SCANNER_HIT_ITEM_NUM) {
|
hit_maat_items[real_hit_item_cnt].item_id = ip_results[i].rule_id;
|
||||||
n_hit_port_item = MAX_SCANNER_HIT_ITEM_NUM;
|
hit_maat_items[real_hit_item_cnt].group_id = ip_item->group_id;
|
||||||
}
|
real_hit_item_cnt++;
|
||||||
|
|
||||||
for (int i = 0; i < n_hit_port_item; i++) {
|
|
||||||
long long item_id = port_results[i].rule_id;
|
|
||||||
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(ip_rt->item_hash,
|
|
||||||
(char *)&item_id,
|
|
||||||
sizeof(long long));
|
|
||||||
if (!ip_item) {
|
|
||||||
// item config has been deleted
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = validate_proto(ip_item, proto);
|
|
||||||
if (ret < 0) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
hit_maat_items[real_hit_item_cnt].item_id = port_results[i].rule_id;
|
|
||||||
hit_maat_items[real_hit_item_cnt].group_id = ip_item->group_id;
|
|
||||||
real_hit_item_cnt++;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if (NULL == ip_rt->ip_matcher) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int n_hit_ip_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data,
|
|
||||||
ip_results, MAX_SCANNER_HIT_ITEM_NUM);
|
|
||||||
if (n_hit_ip_item <= 0) {
|
|
||||||
return n_hit_ip_item;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (n_hit_ip_item > MAX_SCANNER_HIT_ITEM_NUM) {
|
|
||||||
n_hit_ip_item = MAX_SCANNER_HIT_ITEM_NUM;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (size_t i = 0; i < n_hit_ip_item; i++) {
|
|
||||||
long long item_id = ip_results[i].rule_id;
|
|
||||||
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(ip_rt->item_hash,
|
|
||||||
(char *)&item_id,
|
|
||||||
sizeof(long long));
|
|
||||||
if (!ip_item) {
|
|
||||||
// item config has been deleted
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = validate_port(ip_item, port, proto);
|
|
||||||
if (ret < 0) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
hit_maat_items[real_hit_item_cnt].item_id = ip_results[i].rule_id;
|
|
||||||
hit_maat_items[real_hit_item_cnt].group_id = ip_item->group_id;
|
|
||||||
real_hit_item_cnt++;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
|
maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
|
||||||
|
|||||||
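Review bot: The reads `*(uint32_t *)ip_addr` and `*((uint32_t *)ip_addr + i)` that stay on the new side of `ip_runtime_scan` dereference a `uint8_t *` as `uint32_t`, which is undefined behaviour when the caller's buffer is a byte array or is not 4-byte aligned. The IPv6 tests in this commit pass a `uint8_t sip[16]`, and if that pointer reaches this function unchanged it is exactly that case. Copying the bytes avoids it: `memcpy(&scan_data.ipv4, ip_addr, sizeof(scan_data.ipv4)); scan_data.ipv4 = ntohl(scan_data.ipv4);` for IPv4 and `memcpy(scan_data.ipv6, ip_addr, sizeof(scan_data.ipv6));` before `ipv6_ntoh()` for IPv6, assuming `ipv6` is the four-word array the loop implies. Separately, the deleted comment was the only statement of how an all-zero address is treated, so a one-line comment such as `/* an all-zero ip_addr is matched like any other address */` above the `ip_matcher` check would record the new behaviour. The function starts and ends outside the hunk.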
@@ -1551,6 +1551,180 @@ protected:
|
|||||||
struct maat *MaatIPScan::_shared_maat_inst;
|
struct maat *MaatIPScan::_shared_maat_inst;
|
||||||
struct log_handle *MaatIPScan::logger;
|
struct log_handle *MaatIPScan::logger;
|
||||||
|
|
||||||
|
TEST_F(MaatIPScan, IPv4ScanDataFull_0) {
|
||||||
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
|
int thread_id = 0;
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
char ip_str1[32] = "0.0.0.0";
|
||||||
|
uint32_t sip1;
|
||||||
|
int ret = inet_pton(AF_INET, ip_str1, &sip1);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
uint16_t port = htons(65530);
|
||||||
|
int proto = 6;
|
||||||
|
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
ret = maat_scan_ipv4(maat_inst, table_id, sip1, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
EXPECT_EQ(n_hit_result, 0);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
state = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatIPScan, IPv4ScanDataFull_1) {
|
||||||
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
|
int thread_id = 0;
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
char ip_str1[32] = "255.255.255.255";
|
||||||
|
uint32_t sip1;
|
||||||
|
int ret = inet_pton(AF_INET, ip_str1, &sip1);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
uint16_t port = htons(5210);
|
||||||
|
int proto = 6;
|
||||||
|
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
ret = maat_scan_ipv4(maat_inst, table_id, sip1, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
EXPECT_EQ(n_hit_result, 0);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
state = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatIPScan, IPv4RuleFull_0) {
|
||||||
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
|
int thread_id = 0;
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
char ip_str[32] = "100.64.3.1";
|
||||||
|
uint32_t sip;
|
||||||
|
int ret = inet_pton(AF_INET, ip_str, &sip);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
uint16_t port = htons(20303);
|
||||||
|
int proto = 6;
|
||||||
|
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
ret = maat_scan_ipv4(maat_inst, table_id, sip, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
maat_state_reset(state);
|
||||||
|
|
||||||
|
port = htons(64999);
|
||||||
|
ret = maat_scan_ipv4(maat_inst, table_id, sip, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
|
EXPECT_EQ(n_hit_result, 1);
|
||||||
|
EXPECT_EQ(results[0], 169);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
state = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatIPScan, IPv6ScanDataFull_0) {
|
||||||
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
|
int thread_id = 0;
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
char ip_str[32] = "::";
|
||||||
|
uint8_t sip[16];
|
||||||
|
int ret = inet_pton(AF_INET6, ip_str, sip);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
uint16_t port = htons(65510);
|
||||||
|
int proto = 6;
|
||||||
|
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
ret = maat_scan_ipv6(maat_inst, table_id, sip, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
EXPECT_EQ(n_hit_result, 0);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatIPScan, IPv6ScanDataFull_1) {
|
||||||
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
|
int thread_id = 0;
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
char ip_str[64] = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF";
|
||||||
|
uint8_t sip[16];
|
||||||
|
int ret = inet_pton(AF_INET6, ip_str, sip);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
uint16_t port = htons(65510);
|
||||||
|
int proto = 6;
|
||||||
|
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
ret = maat_scan_ipv6(maat_inst, table_id, sip, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
EXPECT_EQ(n_hit_result, 0);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(MaatIPScan, IPv6RuleFull_0) {
|
||||||
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
|
int thread_id = 0;
|
||||||
|
|
||||||
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
char ip_str[64] = "1:1:1:1:1:1:1:1";
|
||||||
|
uint8_t sip[16];
|
||||||
|
int ret = inet_pton(AF_INET6, ip_str, sip);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
uint16_t port = htons(20303);
|
||||||
|
int proto = 6;
|
||||||
|
|
||||||
|
long long results[ARRAY_SIZE] = {0};
|
||||||
|
size_t n_hit_result = 0;
|
||||||
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
ret = maat_scan_ipv6(maat_inst, table_id, sip, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
maat_state_reset(state);
|
||||||
|
|
||||||
|
port = htons(64999);
|
||||||
|
ret = maat_scan_ipv6(maat_inst, table_id, sip, port, proto,
|
||||||
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
|
EXPECT_EQ(n_hit_result, 1);
|
||||||
|
EXPECT_EQ(results[0], 210);
|
||||||
|
|
||||||
|
maat_state_free(state);
|
||||||
|
state = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
TEST_F(MaatIPScan, IPv4_IPPort) {
|
TEST_F(MaatIPScan, IPv4_IPPort) {
|
||||||
const char *table_name = "IP_PLUS_CONFIG";
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
@@ -1579,40 +1753,6 @@ TEST_F(MaatIPScan, IPv4_IPPort) {
|
|||||||
state = NULL;
|
state = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(MaatIPScan, IPv4_Port) {
|
|
||||||
const char *table_name = "IP_PLUS_CONFIG";
|
|
||||||
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
|
||||||
int thread_id = 0;
|
|
||||||
|
|
||||||
int table_id = maat_get_table_id(maat_inst, table_name);
|
|
||||||
ASSERT_GT(table_id, 0);
|
|
||||||
|
|
||||||
char ip_str[32] = "0.0.0.0";
|
|
||||||
uint32_t sip;
|
|
||||||
int ret = inet_pton(AF_INET, ip_str, &sip);
|
|
||||||
EXPECT_EQ(ret, 1);
|
|
||||||
uint16_t port = htons(20303);
|
|
||||||
int proto = 6;
|
|
||||||
|
|
||||||
long long results[ARRAY_SIZE] = {0};
|
|
||||||
size_t n_hit_result = 0;
|
|
||||||
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
|
||||||
ret = maat_scan_ipv4(maat_inst, table_id, sip, port, proto,
|
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
|
||||||
maat_state_reset(state);
|
|
||||||
|
|
||||||
port = htons(64999);
|
|
||||||
ret = maat_scan_ipv4(maat_inst, table_id, sip, port, proto,
|
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
||||||
EXPECT_EQ(n_hit_result, 1);
|
|
||||||
EXPECT_EQ(results[0], 169);
|
|
||||||
|
|
||||||
maat_state_free(state);
|
|
||||||
state = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
TEST_F(MaatIPScan, IPv6_IPPort) {
|
TEST_F(MaatIPScan, IPv6_IPPort) {
|
||||||
const char *table_name = "IP_PLUS_CONFIG";
|
const char *table_name = "IP_PLUS_CONFIG";
|
||||||
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
struct maat *maat_inst = MaatIPScan::_shared_maat_inst;
|
||||||
@@ -5877,7 +6017,7 @@ TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) {
|
|||||||
ret = intval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_ADD, item21_id,
|
ret = intval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_ADD, item21_id,
|
||||||
group21_id, 31, 31, NULL, 0);
|
group21_id, 31, 31, NULL, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
@@ -5918,7 +6058,7 @@ TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) {
|
|||||||
group22_id, 32, 32, NULL, 0);
|
group22_id, 32, 32, NULL, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
table_id = maat_get_table_id(maat_inst, app_id_table_name);
|
table_id = maat_get_table_id(maat_inst, app_id_table_name);
|
||||||
ret = maat_scan_integer(maat_inst, table_id, 31, results, ARRAY_SIZE,
|
ret = maat_scan_integer(maat_inst, table_id, 31, results, ARRAY_SIZE,
|
||||||
@@ -5971,7 +6111,7 @@ TEST_F(MaatCmdTest, GroupEdit) {
|
|||||||
group21_id, 41, 41, NULL, 0);
|
group21_id, 41, 41, NULL, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
uint32_t ip_addr;
|
uint32_t ip_addr;
|
||||||
inet_pton(AF_INET, "192.168.3.2", &ip_addr);
|
inet_pton(AF_INET, "192.168.3.2", &ip_addr);
|
||||||
@@ -6149,7 +6289,7 @@ TEST_F(MaatCmdTest, UpdateDeadLockDetection) {
|
|||||||
"part-1", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
|
"part-1", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
const char* scan_data1 = "scan string part-1.";
|
const char* scan_data1 = "scan string part-1.";
|
||||||
const char* scan_data2 = "scan string part-2.";
|
const char* scan_data2 = "scan string part-2.";
|
||||||
@@ -6238,7 +6378,7 @@ TEST_F(MaatCmdTest, StreamScanWhenExprTableIncUpdate) {
|
|||||||
"stream-keywords-001-inc-update", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
|
"stream-keywords-001-inc-update", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
/* maat_stream store expr_runtime version when maat_stream_new().
|
/* maat_stream store expr_runtime version when maat_stream_new().
|
||||||
Add new expr_item has changed expr_runtime version which has been sensed by maat_stream_scan.
|
Add new expr_item has changed expr_runtime version which has been sensed by maat_stream_scan.
|
||||||
@@ -6286,7 +6426,7 @@ TEST_F(MaatCmdTest, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
|
|||||||
"stream-keywords-002", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
|
"stream-keywords-002", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
const char *scan_data = "Here is a stream-keywords-002, this should hit.";
|
const char *scan_data = "Here is a stream-keywords-002, this should hit.";
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
@@ -6360,7 +6500,7 @@ TEST_F(MaatCmdTest, IPAndStreamScanWhenIncUpdate) {
|
|||||||
compile1_id, 0, "null", 1, 0);
|
compile1_id, 0, "null", 1, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
@@ -6385,7 +6525,7 @@ TEST_F(MaatCmdTest, IPAndStreamScanWhenIncUpdate) {
|
|||||||
"null", 1, 0);
|
"null", 1, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
const char *scan_data = "Here is a stream-keywords-003, this should hit.";
|
const char *scan_data = "Here is a stream-keywords-003, this should hit.";
|
||||||
table_id = maat_get_table_id(maat_inst, expr_table_name);
|
table_id = maat_get_table_id(maat_inst, expr_table_name);
|
||||||
@@ -6452,7 +6592,7 @@ TEST_F(MaatCmdTest, IPAndStreamScanWhenFullUpdate) {
|
|||||||
compile1_id, 0, "null", 1, 0);
|
compile1_id, 0, "null", 1, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
@@ -6543,7 +6683,7 @@ TEST_F(MaatCmdTest, IPAndStringScanWhenIncUpdate) {
|
|||||||
compile1_id, 0, "null", 1, 0);
|
compile1_id, 0, "null", 1, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
@@ -6568,7 +6708,7 @@ TEST_F(MaatCmdTest, IPAndStringScanWhenIncUpdate) {
|
|||||||
"null", 1, 0);
|
"null", 1, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
const char *scan_data = "Here is a IP and stringinc, this should hit.";
|
const char *scan_data = "Here is a IP and stringinc, this should hit.";
|
||||||
table_id = maat_get_table_id(maat_inst, expr_table_name);
|
table_id = maat_get_table_id(maat_inst, expr_table_name);
|
||||||
@@ -6634,7 +6774,7 @@ TEST_F(MaatCmdTest, IPAndStringScanWhenFullupdate) {
|
|||||||
compile1_id, 0, "null", 1, 0);
|
compile1_id, 0, "null", 1, 0);
|
||||||
EXPECT_EQ(ret, 1);
|
EXPECT_EQ(ret, 1);
|
||||||
|
|
||||||
sleep(WAIT_FOR_EFFECTIVE_S);
|
sleep(WAIT_FOR_EFFECTIVE_S * 2);
|
||||||
|
|
||||||
long long results[ARRAY_SIZE] = {0};
|
long long results[ARRAY_SIZE] = {0};
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
|
|||||||
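Review bot: Nothing in the new tests scans the all-zero address at a port a rule covers. `IPv4ScanDataFull_0` and `IPv6ScanDataFull_0` use ports 65530 and 65510, and the removed `IPv4_Port` test was the one that scanned `0.0.0.0` at 64999, so the outcome for that input is no longer pinned by any test visible here. Adding a second scan to each, e.g. `maat_state_reset(state); port = htons(64999);` followed by the same `maat_scan_ipv4`/`maat_scan_ipv6` call and explicit `EXPECT_EQ` checks on `ret` and `n_hit_result`, would record whichever result is intended. The first scan in `IPv4RuleFull_0` and `IPv6RuleFull_0` also checks only `ret`; `EXPECT_EQ(n_hit_result, 0);` after it would make the no-hit case explicit.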
@@ -2942,6 +2942,37 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"compile_id": 210,
|
||||||
|
"service": 0,
|
||||||
|
"action": 0,
|
||||||
|
"do_blacklist": 0,
|
||||||
|
"do_log": 0,
|
||||||
|
"effective_rage": 0,
|
||||||
|
"user_region": "ipv6_::",
|
||||||
|
"is_valid": "yes",
|
||||||
|
"groups": [
|
||||||
|
{
|
||||||
|
"regions": [
|
||||||
|
{
|
||||||
|
"table_type": "ip_plus",
|
||||||
|
"table_name": "IP_PLUS_CONFIG",
|
||||||
|
"table_content": {
|
||||||
|
"addr_type": "ipv6",
|
||||||
|
"addr_format": "CIDR",
|
||||||
|
"ip1": "::",
|
||||||
|
"ip2": "0",
|
||||||
|
"port_format": "range",
|
||||||
|
"port1": "64000",
|
||||||
|
"port2": "64999",
|
||||||
|
"protocol": 6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"not_flag": 0
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"plugin_table": [
|
"plugin_table": [
|
||||||
|
|||||||
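Review bot: The new entry 210 is a catch-all (`"ip1": "::"`, `"ip2": "0"` in CIDR format) for protocol 6 on ports 64000–64999 in the shared `IP_PLUS_CONFIG` table, so every IPv6 scan against that table in that port range can now report 210, not only `IPv6RuleFull_0`. It is worth checking that no other test scanning `IP_PLUS_CONFIG` over IPv6 uses a port in that range together with an exact expected hit count; the rest of the fixture lies outside this hunk. Narrowing the rule to the single port the test uses, `"port1": "64999"`, would limit the overlap.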